While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to the every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Equifax Data Breach Worse Than Reported, Warren Says

Equifax is under fire from reports that its 2017 data breach was more serious than previously believed, and that it included email addresses and tax ID numbers.

On Friday, Senator Elizabeth
Warren (D-Mass.) sent a letter to Paulino do Rego Barros Jr. , interim CEO of Equifax, citing
“what appears to be misleading, incomplete, or contradictory information” provided to Congress and the public about the breach of data on 145 million Americans. She demanded answers within
a week.

But the firm is “now claiming that passport numbers were not compromised -- despite informing the Committee that they were part of the
"attacker-accessed tables,"she said.

Warren also alleged that the company “continues to dissemble and downplay the significance,” of the attack, and that it claims that email
addresses ‘aren’t considered sensitive personal information.” She demanded the following answers within a week:

A list of all data elements that Equifax has confirmed
were accessed by hackers in the breach.

A list of all data elements that Equifax has reason to believe may have been accessed by the hackers.

A timeline of the company’
efforts to confirm whether the data elements were accessed.

The process used by Equifax to inform the public that taxpayer identification numbers, email addresses, and drivers' license
information were breached.

In a related development, Warren issued a critical staff report to Equifax last week, charging that the company had:

Failed to notify Congress
and regulators about the breach in a timely fashion

Provided inadequate
assistance and information to consumers following the breach

According to the report, Equifax was awarded 2,106 Federal contracts worth over $120 million by such agencies as the
General Services Administration, the Department of Justice, the Department of Homeland Security and the Equal Employment Opportunity Commission, over the past decade.

Calling for federal
legislation to prevent breaches, the report also stated that Equifax had a flawed system to prevent and mitigate data security problems, and that it performed feeble monitoring of endpoint and email
security.

“When a bank locks its doors at night, it doesn’t levee the money on the counter in the assumption that nobody will break in,” the report states. “It locks
the cash in the vault. Equifax, on the other hand, retained sensitive information on easily accessible systems.”